Breach Based on Harm Threshold: YES
Deadline for Consumer Notice: Without unreasonable delay*
Government Notification Required: YES
Scope of this Summary
Form of Covered Info
Encryption Safe Harbor
Timing: Must be made without unreasonable delay taking any necessary measures to determine sufficient contact info, determine the scope of the breach and to restore the reasonable integrity, security and confidentiality of the system.
Content: Notice must be clear and conspicuous and include: a description of the incident in general terms; types of covered info involved; covered entity’s general acts to protect against further unauthorized access; covered entity’s telephone number that the resident can call for further information and assistance, if one exists; advice that directs residents to remain vigilant and review account statements and free credit reports; toll-free numbers and addresses for the major CRAs; and toll-free numbers, addresses, and websites for the FTC and the NC Attorney General's office, along with a statement that the resident can obtain information about preventing identity theft from these sources.
Method: By written notice, telephonic notice (provided that contact is made directly with the affected persons), or electronic notice (if residents have agreed to receive communications electronically and notice is consistent with E-SIGN). Substitute notice is available if certain criteria are satisfied.
If residents are notified, must notify the Consumer Protection Division of the Attorney General's office without unreasonable delay and provide the nature of the breach, number of consumers affected, steps taken to investigate the breach, steps taken to prevent a similar breach in the future, and information regarding the timing, distribution and content of the consumer notices.
N.C. Admin Code 3M.0402: Mortgage licensees must notify the Commissioner of the North Carolina Banking Commission within one business day of providing notice to resident.